Police In Japan Are Asking ISPs To Start Blocking Tor

from the really-now? dept

The National Police Agency in Japan is apparently asking ISPs in that country to "voluntarily" block the use of Tor, the well-known and widely used system for anonymously surfing the internet.

An expert panel to the NPA, which was looking into measures to combat crimes abusing the Tor system, compiled a report on April 18 stating that blocking online communications at the discretion of site administrators will be effective in preventing such crimes. Based on the recommendation, the NPA will urge the Internet provider industry and other entities to make voluntary efforts to that effect.

This is an extreme and dangerous overreaction. Yes, some people abuse the anonymity of Tor to do illegal things. Just as some people abuse the anonymity of cash to do bad things. But we don't then outlaw cash because of this. There are many, many reasons why people have good reason to seek out an anonymizing tool like Tor to protect their identity. What if they're whistle blowing on organized crime or corruption (say) in the police force? As for the fear that it's being used for criminal activity, that doesn't mean that police cannot identify them through other means. We've seen time and time again people leave digital tracks in other ways when they're committing crimes. Yes, it makes life more difficult for police, and it means they have to do actual detective work, but that's what their job is.

Reader Comments

This is very disturbing. It seems people need to go back to school to remember their history classes. Anonymity was important to key historic events that leaded to important (not always good) outcomes.

I wonder why people freak out that much when it comes to internet related topics when it's perfectly possible to remain anonymous and commit crimes outside it as well...

How?

Given that clients and servers can be configured to use a random port, all traffic encrypted, and any bridge not advertised/listed by the tor project, how can this be done without also stopping other suspicious traffic eg game servers?

Re: Re: How?

You can only say it "works" for very loose definitions of "works". China & Tor have been engaged in the usual cat-and-mouse game for years. China comes up with some new way of blocking Tor, and then Tor changes itself so the block is no longer effective. The technique you describe hasn't been effective for a while.

Re: Food for thought

I also stick with you ! Freedom always comes at a Cost and Anonymity is an important thing.
Governments are all afraid of the Internet.It is obvious they would be.
Bet they thought like this when Books were first printed or Radio.............sending those signals right into your home...Oh My !!!

this is just another ridiculous measure thought up by the entertainment industries, basically for their own gain. if there is no 'voluntary' measure taken, there will then be new laws put in place after serious lobbying by those industries. the piss taking parts, however, are that those industries that want these measures put in place do not have to do anything, do not have to fund any of them, they do not worry about any collateral damage by way of innocent people or sites being caught up in the blocking causing people to then lose jobs. all they think about is stopping anything and everything that they see as a threat, regardless of the consequences. it is even more frustrating that so many governments, politicians and law enforcement agencies are doing as much as they can to keep that one industry functioning in the way it has for decades, stopping their progression into the digital age, without the slightest thought for the innumerable other companies that are being forced to close unnecessarily. governments in particular want this sort of thing halted because they want to be able to censor the people as much as possible. with information being transferred around so quickly thanks to the 'net, they dont want any sort of anonymity at all. when governments or businesses do wrong, they want it hidden. when it is spread, they want to see who is broadcasting that info.

Re:

You have to remember, this is Japan we're talking about, and have a different mindset than most western world. I for one like to see what those "voluntary" requirement will ensue, but I won't be surprised if the ISP cave in without having introducing any kind of law.

For example, there's a Japanese game modding forum which frowns, if not ban outright, foreigners. Why? Cos the "foreigners" by large won't respect the original mod author's wishes for not distributing/re-uploading their work, even if there's "transformative works" involved. As for the native, if the author say "jump", all will ask "how high".

Whether that example can be applied to this matter remain to be seen. But that example is inline with what I know about Japan's history.

Re: Re:

Indeed we are talking about a different culture. When we go back to the times of the samurais and all that honor thing and harakiris (whatever you write it) then there may be a heavier moral component. However I'm not sure if this extra layer justifies trampling with anonymity tools. And you can go to any forum in Japan (2ch comes to mind) and you won't see people using their real names. In any case I like the angle you raised here, it's worth discussing over and I'm sure people with more knowledge will weight in.

Japan

Oh, come on... This is ONE example out of the many dozens in Japan! Yes, they have a more feudal society thanks to their history of the mercantilists winning more power and clout, but you also see more reliance on the government and the government being forced to LISTEN because of their homogenous culture.

What IS happening is that the publishers are exerting their force disproportionately. What isn't being discussed is the rumbles of new culture that come out of this publisher battle. IE, smaller distributors are going to be rising up to oppose these things and individuals are not going to like this publisher battle.

I'm still not positive that people will enjoy not having access to 2Ch without a shitton of protest though. Something like that is going to force people to really get PO'd about a government that is only focused on the entertainment industry, similarly to how the nuclear reactor explosion forced people to ban nuclear power.

Re: Re: Re:

I'm not saying that the morality/honor codes justify censoring speech. What I'm saying is that IMO a call for ISP to "voluntarily" block speech (by way of blocking Tor) tend to have more gravity than the same call made in the western culture, even without dubiously worded laws and/or backroom deals.

What? TOR isn't a shield against ISP man-in-the-middle?

There's that aspect, but my last results were that fanboys didn't grasp that if ISPs aren't forced to be common carriers then you've a SPY who knows exactly who you are and where. (A common carrier must be neutral, as in the network neutrality that I believe Mike pooh-poohed?)

I attribute increased policing action to bad actors: little criminals who wish to commit small scale crimes, and MEGA-actors who spy full time and will soon take over everything, literally become Big Brother. I'm trapped in the shrinking area between various types of criminals.

Moves to do away with TOR is the inevitable result of small and large scale criminals, for differing reasons. The former don't wish it, but do cause it, and corporations have an openly stated goal to strip away privacy for allegedly commercial spying: that's mainly Google and Facebook. (Yeah, I know: HUH? Just consider it as hidden cause when you see TOR outlawed in your own country.)

"This is an extreme and dangerous overreaction." -- WELL, Mike, that's not surprising, just typical of gov't. It's also the way Big Business operates, increasingly so in the de-regulated era that you favor. This is more of the trend to outright fascism in a surveillance society.

But just on the individual use: "good" reasons for using TOR are almost certainly a small fraction of "bad" reasons; it'd be an exception to every other area if not, and SO as ever, "pirates" and criminals DO in practice wreck it for everyone who's not. -- And to be clear again, that's separate from the (yet unseen but must be rising) pressure from Google and Facebook to bring ISPs into their spy systems.

Re: What? TOR isn't a shield against ISP man-in-the-middle?

Google is the main reason there are people in Africa starving haven't you heard? There are also ethereal studies directly linking Google, increase in sexual activity among ornithorhyncus and alien attacks.

Did it make any sense? Good, that's what I thought when I read your comment.

Re: What? TOR isn't a shield against ISP man-in-the-middle?

Fascism and de-regulation are literally opposites. Based on your usage above you appear to be under the impression they're synonyms. Which suggests you don't really understand what either of them actually are and are just using them as buzzwords. In the future, to appear more credible and less insane, I'd suggest sticking to buzzwords that mean the same things to describe a thing to avoid this.

Re: What? TOR isn't a shield against ISP man-in-the-middle?

"(A common carrier must be neutral, as in the network neutrality that I believe Mike pooh-poohed?)"

Unless you have a link to where he did this, I'll just assume you're hallucinating again. Unless you back up your rants for once, everything I recall Mike saying about net neutrality is in favour of them being common carriers.

Like every point you seem to think you're making in that idiot rant, it's the opposite of reality, the easy strawman you wish you were fighting instead of the harsh reality in front of you.

Re: What? TOR isn't a shield against ISP man-in-the-middle?

I don't think your comment should have been flagged. It's one of the few you make that wasn't abusive or off-topic.

First, please stop using the term "man-in-the-middle". You don't understand what it means. If your encryption key handling is being done properly, you won't have MITM problems -- even if your ISP is actively trying subvert your communications.

Common carrier status doesn't enter into it. Security that relies on the law for effectiveness is very, very weak security.

"good" reasons for using TOR are almost certainly a small fraction of "bad" reasons;

This assertion requires some kind of evidence (or at least an explanation for why you think this would be true). I know a lot of people who use Tor. None of them use it for illegal purposes. Although whether it's most used for legal purposes or not shouldn't be relevant.

it'd be an exception to every other area if not

Again, evidence is required. But let's say you're correct: then what you're saying is that everything should be illegal?

"pirates" and criminals DO in practice wreck it for everyone who's not

No. Overzealous and disproportionate reactions from authorities are what wrecks it for everyone.

Say that there's an "effective" ways to block Tor. What's to stop people to just abandon ship and use yet another anonymizer? Tor isn't the only one in the game, there are others. Then they'll be calling to block those as well, and people just pick up yet another one. This will go on and on until everything is blocked including legal channels.

The only sure way to stop crimes/abuse/cyber-blah is NOT having internet in the 1st place. Are anybody willing to make the commitment to obliterate the internet entirely "just for the children"?

I'd say enough is enough. Choose: either have unfettered internet or destroy it entirely. We can't have it both ways, and anyone saying there's a middle ground in this is delusional at best.

Re:

Define 'suspicious activity' with regards to Tor though.

Given the whole idea of a program like Tor is to anonymize what is sent and received, there really is no way to spot 'suspicious activity' with regards to someone using a program like that without making it completely useless for it's intended purpose, that of anonymous communication.

out_of_the_blue - Tor is not a P2p program

you may be able to see Pirate bay again (and there is nothing worng with seeing a site), but if you click on a torrent it comes down your torrent program not through Tor. SO as ever, "pirates" DO NOT in practice wreck it for everyone.

Isn't this going a bit to far? What imaginary crimes are they talking about? What about the good things that anonymity brings to the marketplace/world? Citizens are not like governments in that they need privacy just to exist. While government needs openness to build citizen trust.

How will anyone bring down dictators or corrupt politicians? TOR is a valuable international tool for peace oriented organizations to survive in hostile dictator/tyrant/communist environments. If this is successful its likely people will die.

Is this just another symptom of law enforcement laziness? Asking ISP's to do the dirty work of suppressing free speech is a method used in communist countries. What authority does Japans NPA have to issue such a deceleration?

What dangerous precedent is being laid here? If the ISP's cave into this then next they will find themselves responsible for it as well as more and more 'requests' are added.

Don't let Japans MPAA or RIAA hear of this or they will 'ask' for the same thing but for their own selfish purposes. Talk about huge mistakes it would be really stupid for any ISP to allow such. It would be a huge expensive mistake. (just look how much google invests in verifying DCMA take-down notices.)

Would complain more but it would sound hypocritical with the US govmt now trying to pass CISPA the end all of end all spying acts. Up next is the govmt bathroom cam with smell sensor. (and it will be a crime if it stinks too much.)

We've seen time and time again people leave digital tracks in other ways when they're committing crimes. Yes, it makes life more difficult for police, and it means they have to do actual detective work, but that's what their job is.

Also, people committing crimes that have *actual victims* usually leave *physical* tracks.

Most crimes *worth prosecuting* take place at least partially in meatspace. Murder. Burglary. Child abuse. Etc. All leave forensic traces where things were stolen or people were abducted or killed.

The only real biggies that might be done all-online are espionage and wire fraud. Both can be defeated (or at least forced to use more intrusive methods than a port probe run over Tor) by using adequate security on the target machines. If they can't be hacked by sending malicious packets to their public IP addresses, thieves have to physically break in, or at least physically splice cables somewhere or do a drive by WiFi probe looking for an open or WEP router on the wrong side of their firewall.

Wire fraud also has the niggling little issue of how the thief is supposed to get his grubby mitts on the money. Small scale fraud isn't compatible with numbered Swiss accounts and untraceable wire transfers thereto; large scale typically reveals itself when the crook lives above his nominal means afterwards. Petty fraud with online conversion of the gains to ill-gotten Bitcoins might happen in the future at high enough rates to become a big deal, or might not. Credit card number conversion to goods results in stuff having to be shipped somewhere. For that matter, Bitcoin conversion to goods. Bitcoins can be spent somewhat anonymously, but if wire fraud money is transferred to an online brokerage that converts to Bitcoins, this can be discovered, and merchants asked to look for the same Bitcoin hashes, then alert law enforcement to the shipping info provided when "hot" Bitcoins are spent. Like paper bills, Bitcoins have unique serial numbers on them, or they could be counterfeit, and these can be used to track one's travels and link a fraudulent conversion to a goods shipment so the cops can be waiting to pounce at the P.O. box when the ill-gotten goods are collected.

And other than hacking, the *only* activities it's possible to carry out all-online are ones the First Amendment's supposed to protect, and which lack victims.

(Well, cyberbullying maybe has victims, but block/ignore/killfile/unplug is generally sufficient to protect oneself, short of the cyberbully resorting to hacking to bypass the block, whence we're back to securing computers again.)

Okay so the Japanese police want to ban TOR.
Quick question - why haven't the police sought to bring a case against the US Navy? In case you're wondering what this question has to do with anything...they're the people who invented TOR.

Reasons

From the original article:

"Over the past several years, the Tor system was abused in a number of crimes including the posting of online murder threats on Internet bulletin boards, theft of money from accounts via illegal accesses to Internet banking sites, postings on dating sites by those seeking relationships with children, and leakages of security information from the Metropolitan Police Department."

They are not blocking Tor...

Actually, the police is asking to ISPs to create a publicly queriable blacklist containing all known Tor nodes, so that web site owner can choose to deny access from obfuscated sources.

It will be up to the site owner to block Tor or not to block Tor.

This is a direct response to recent incidents where criminals hid behind Tor whie remotely operating bot infected pcs to incriminate the owner of the pcs. If BBSes can choose to limit access from obfuscated sources, it can help reduce inital exposures to the bot software posted on those BBSes.

Note that the implementation of the limitation is totally up to the site admin. The site admin can alternately set flag like "This post was written from Tor", instead of denying access.

Stop The NPA

I am working on something better

I'm in the preliminary (base specification writing) stages of writing software that should be far more resilient and anonymity-friendly than Tor; in fact, Tor was one of my main vulnerability case studies when I decided to work on the problems of censorship and free anonymous speech online. I don't have the details ready for public consumption, but I'm working them out. Of course, it's all vaporware right now, so maybe I'm just trying to feel a little less pessimistic, eh?